No relevant resource is found in the selected language.
Enterprise
Worldwide
Search
Support Documentation
S1700, S2720, S5700, and S6700 V200R019C10 Alarm Handling

This document provides the explanations, causes, and recommended actions of alarms on the product.

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
ARP

ARP

ARP_1.3.6.1.4.1.2011.5.25.123.2.1 hwEthernetARPSpeedLimitAlarm

Description

ARP/4/ARP_SUPP_TRAP:OID [OID] Exceed the speed limit value configured. (Ifnet index=[INTEGER], Configured value=[COUNTER], Sampling value=[COUNTER], Speed-limit type=[OCTET], Source Ip address=[IPADDR], Destination Ip address=[IPADDR], VPN-Instance name=[OCTET]).

The trap was generated when the transmitting rate of ARP packets or ARP Miss Messages was greater than the rate limit. You can run the arp speed-limit command to set the rate limit. The default rate limit is 500 bit/s.

Attribute

Alarm ID Alarm Severity Alarm Type

1.3.6.1.4.1.2011.5.25.123.2.1

Warning

processingErrorAlarm(4)

Parameters

Name Meaning

OID

Indicates the MIB object ID of the alarm.

Ifnet index

Indicates the interface index.

Configured value

Indicates the configured rate limit.

Sampling value

Indicates the sampling of the number of packets received within a period.

Speed-limit type

Indicates the type of packets configured with timestamp suppression, for example, ARP and ARP Miss.

Source Ip address

Indicates source IP addresses.

Destination Ip address

Indicates the destination IP address.

VPN-Instance name

Indicates the VPN instance name.

Impact on the System

View the type of packets configured with timestamp suppression in trap messages.

If ARP packets are configured with timestamp suppression, some normal ARP packets are discarded. As a result, traffic cannot be forwarded normally.

If ARP Miss messages are configured with timestamp suppression, some ARP Miss messages are discarded. As a result, ARP Request messages cannot be triggered and thus traffic cannot be forwarded normally.

If this trap is cleared shortly, services will not be affected and the system will resume the normal operation.

If this trap is not cleared for a long time, the service processing capability of the system will be affected.

Possible Causes

1:

The interval for enabling the log function and sending traps for potential attack behaviors was set to Ns. Within the period of N+1s, the number of sent ARP packets was greater than the threshold. Within the first Ns, the average number of sent ARP packets was greater than the threshold.

2:

The interval for enabling the log function and sending traps for potential attack behaviors was set to Ns. Within the period of N+1s, the number of sent ARP Miss messages was greater than the threshold. Within the first Ns, the average number of sent ARP Miss messages was greater than the threshold.

Procedure

  1. Check the type of packets with timestamp suppression configured in trap messages.

    • If the type of packets is ARP, go to Step 2.
    • If the type of packets is ARP Miss, go to Step 4.

  2. Run the display arp speed-limit destination-ip command to obtain the ARP rate limit value on interfaces.
  3. Run the arp speed-limit destination-ip maximum maximum command to reconfigure the maximum value for timestamp suppression of ARP packets. This value must be greater than the value obtained in Step 2 but must be less than 16384; otherwise, the trap cannot be cleared. Check whether the trap is cleared.

    • If the trap is cleared, go to Step 7.
    • If the trap is not cleared, go to Step 6.

  4. Run the display arp_anti-attack configuration command to obtain the ARP Miss rate limit value on interfaces.
  5. Run the arp-miss speed-limit [ ip-address ] source-ip maximum maximum command to reconfigure the maximum value for timestamp suppression of ARP Miss packets. This value must be greater than the value obtained in Step 4 but must be less than 16384; otherwise, the trap cannot be cleared. Check whether the trap is cleared.

    • If the trap is cleared, go to Step 7.
    • If the trap is not cleared, go to Step 6.

  6. Collect alarm information and configuration information, and then contact technical support personnel.
  7. End.

Related Information

None

ARP_1.3.6.1.4.1.2011.5.25.123.2.4 hwEthernetARPThresholdExceedAlarm

Description

ARP/4/ARP_THRESHOLDEXCEED_TRAP:OID [OID] The number of ARP entries exceeded the threshold. (entPhysicalIndex=[INTEGER], Slot name=[OCTET], Threshold=[COUNTER], Number of dynamic ARP entries=[COUNTER], Number of static ARP entries=[COUNTER]).

The number of ARP entries exceeds the upper threshold.

Attribute

Alarm ID Alarm Severity Alarm Type

1.3.6.1.4.1.2011.5.25.123.2.4

Warning

qualityOfServiceAlarm(3)

Parameters

Name Meaning

oid

Indicates the MIB object ID of the alarm.

entPhysicalIndex

Indicates the index of the physical entity.

Slot name

Indicates the device name.

Threshold

Indicates the alarm threshold, that is, 80 percent of the total number of ARP entries supported by the switch. The alarm threshold cannot be modified.

Number of dynamic ARP entries

Indicates the number of dynamic ARP entries.

Number of static ARP entries

Indicates the number of static ARP entries.

Impact on the System

If this alarm is displayed, the number of ARP entries on the device is great. If the number continuously increases, system resources become insufficient and no new ARP entries can be learned. As a result, service interruption may occur.

Possible Causes

The number of ARP entries on the device exceeded the upper threshold.

Procedure

  1. Run the display arp statistics command to view ARP entry statistics on the device and check whether there are more static ARP entries or dynamic ARP entries.

    • If there are more dynamic ARP entries, go to Step 2.
    • If there are more static ARP entries, go to Step 3.

  2. Run the display arp all command to identify the interface that has more ARP entries. Then run the display arp interface command to check ARP entries on the interface and determine whether these ARP entries are necessary for the interface.

    • If these ARP entries are necessary, go to Step 5.
    • If these ARP entries are not necessary, run the reset arp command to delete certain ARP entries (without system running being affected) and go to Step 4.

  3. Run the display current-configuration command to view static ARP entries and check whether these static ARP entries are necessary.

    • If these static ARP entries are necessary, go to Step 5.
    • If these static ARP entries are not necessary, run the undo arp static command to delete certain static ARP entries (without system running being affected) or run the undo arp staticreset arp static command to clear all static ARP entries. Then go to Step 4.

  4. Run the display arp statistics command to check whether the number of ARP entries still continuously increases unexpectedly.

    • If the number of ARP entries does not continuously increase, go to Step 6.
    • If the number of ARP entries still continuously increases, go to Step 5.

  5. Collect alarm information and configuration information, and then contact technical support personnel.
  6. End.

Related Information

None

ARP_1.3.6.1.4.1.2011.5.25.123.2.5 hwEthernetARPThresholdResumeAlarm

Description

ARP/4/ARP_THRESHOLDRESUME_TRAP:OID [OID] The number of ARP entries was restored to the threshold. (entPhysicalIndex=[INTEGER], Slot name=[OCTET], Threshold=[COUNTER], Number of dynamic ARP entries=[COUNTER], Number of static ARP entries=[COUNTER]).

The number of ARP entries falls below the upper threshold.

Attribute

Alarm ID Alarm Severity Alarm Type

1.3.6.1.4.1.2011.5.25.123.2.5

 Warning

qualityOfServiceAlarm(3)

Parameters

Name Meaning

oid

Indicates the MIB object ID of the alarm.

entPhysicalIndex

Indicates the index of the physical entity.

Slot name

Indicates the device name.

Threshold

Indicates the alarm threshold, that is, 70 percent of the total number of ARP entries supported by the switch. The alarm threshold cannot be modified.

Number of dynamic ARP entries

Indicates the number of dynamic ARP entries.

Number of static ARP entries

Indicates the number of static ARP entries.

Impact on the System

None

Possible Causes

The number of ARP entries on the device fell below the upper threshold.

Procedure

  1. This alarm message is informational only, and no action is required.

Related Information

None

ARP_1.3.6.1.4.1.2011.5.25.123.2.6 hwEthernetARPIPConflictEvent

Description

ARP/4/ARP_IPCONFLICT_TRAP:OID [OID] ARP detects IP conflict. (IP address=[IPADDR], Local interface=[OCTET], Local MAC=[OCTET], Local vlan=[INTEGER], Local CE vlan=[INTEGER], Receive interface=[OCTET], Receive MAC=[OCTET], Receive vlan=[INTEGER], Receive CE vlan=[INTEGER], IP conflict type=[OCTET]).

An IP address conflict is detected by ARP.

Attribute

Alarm ID Alarm Severity Alarm Type

1.3.6.1.4.1.2011.5.25.123.2.6

Warning

environmentalAlarm(6)

Parameters

Name Meaning

OID

Indicates the MIB object ID of the alarm.

IP address

IP address

Local interface

Interface recorded in the ARP entry of the IP address

Local MAC

Source MAC address recorded in the ARP entry of the IP address

Local vlan

VLAN recorded in the ARP entry of the IP address

Local CE vlan

CEVLAN recorded in the ARP entry of the IP address

Receive interface

Inbound interface of the second ARP packet with the IP address

Receive MAC

Source MAC address of the second ARP packet with the IP address

Receive vlan

VLAN configured on the inbound interface of the second ARP packet with the IP address

Receive CE vlan

CEVLAN configured on the inbound interface of the second ARP packet with the IP address

IP conflict type

IP address conflict type

Impact on the System

This alarm indicates that an IP address conflict occurred. If the IP address conflict is not eliminated timely, route flapping may occur and services may be interrupted.

Possible Causes

  • Cause 1: The source IP address in an ARP packet is the same as the IP address of the inbound interface that receives the ARP packet, but the source MAC address in the ARP packet is different than the MAC address of the inbound interface.

  • Cause 2: The source IP address in an ARP packet is the same as the IP address in an existing ARP entry, but the source MAC address is different than the MAC address in the ARP entry.

  • Cause 3: The source IP address in an ARP packet is 0.0.0.0 (probe ARP packet), the destination IP address is the same as the IP address of the inbound interface that receives the ARP packet, but the source MAC address in the ARP packet is different than the MAC address of the inbound interface.

Procedure

  1. Identify the devices or users that use the same IP address.

    • If the devices or users using the same IP address can be identified, modify the IP address of one device or user. Then, go to step 2.
    • If the devices or users using the same IP address cannot be identified, Collect alarm information and configuration information, and then contact technical support personnel.

  2. Run the display arp ip-conflict track command to check whether there is any IP address conflict information, or check whether there is any alarm generated for IP address conflict.

    • If there is any IP address conflict, go to step 1.
    • If there is no IP address conflict, go to step 3.

  3. End.
Translation
日本語 简体中文
Download
Updated: 2022-05-25

Document ID: EDOC1100127008

Views: 81319

Downloads: 335

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode
Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :